Where's the security, Marty McFly?

It’s finally here – the day that Marty McFly and Doc Brown will arrive in their time travelling DeLorean. Wearable technology, multi-channel television and the odd 1980’s Apple Macintosh in an antique shop will all come as no surprise.

They might be a little disappointed, however, to discover that the future they have arrived in doesn’t possess all the cool tech like Fusion reactors, holographic projection and more importantly real hoverboards, that will enable them to avoid the unwanted attentions of characters like old Biff, Needles and Griff.

However, in the place of this missing tech they’ll find the Internet, smartphones, tablets and other cool gadgets that they might not have expected.

They’ll also find a wealth of cyber security challenges that just weren’t anticipated, or maybe had actually been solved in the alternate version of 2015 they previously arrived in (temporal paradoxes withstanding). So, if you should happen to spot the pair flying in to a town near you, maybe you could get them to share the cyber security solutions that the fictional 2015 had clearly solved.

We’ve got some good solutions ourselves in many of these spaces but it’s always good to learn more. With that in mind, here are some of the pressing questions we have about their experience of the alternate 2015:

Q1: Drone Dog Walking

So, in the fictional 2015 there are drones that can take your dog for walkies. However, how are they secured? We’d probably consider these to be part of the Internet of Things (IoT) and therefore we’re still coming to terms with how we manage the security of a myriad of technologies all designed to be Internet enabled.

The concern in today’s 2015 is that, while drones hanging on to leads could be a reality, securing them against attack could be a challenge. Mischievous hackers would doubtless be looking at reprogramming them for fun, leading our pets a merry dance. There could be others with a slightly more sinister intention were they to access these connected devices, walking animals such as guard dogs to either lead them into harm (no pun intended) or just exhaust them so they become ineffective.

We know that if the vendors of this type of technology understand the security threats their products are facing – and build in the controls needed to protect against them – we can solve this problem. Perhaps in our alternate 2015, they just got really good at putting this into practice, maybe Doc or Marty will know more.

Q2: Hoverboards – were the blueprints stolen?

Like everyone else, we want to know ‘where are they?’ Perhaps at some point between 1985 and today, the companies developing hover technology have had their designs tampered with, which is why we’re still struggling to get it right.

Yes, true – Lexus has made a valiant attempt and should be applauded for its ‘hover board’, but you have to admit that a metal track and magnets is never going to scale!

How did the inventors protect their intellectual property so they were able to achieve such saturation of the technology and undoubtedly massive commercial success? In today’s 2015 we’re still struggling to manage the theft of such valuable Intellectual Property from both large and small organisations. Maybe hoverboard tech just wasn’t on the attacker’s radar, but more likely those companies had great cyber security to protect it.

This is one area that organisations are now starting to get their heads around but some advice from our time travelling friends would help.

Q3: Flying Cars

This one is really important – especially given the public disclosures about the insecurity of vehicles that we’re currently seeing. How did the alternate 2015 manage to secure the highly complex transport network control systems associated with personal flying vehicles to prevent hackers causing chaos in our skies!

In the alternate future the skyways appeared to be highly dangerous and in need of some advanced piloting skills. However, given the current direction of technology maybe Doc was faking it and all the cars are actually driving themselves.

One thing is clear though, we can’t even begin to think about letting our cars take to the skies if we still can’t control them while driving on solid ground! That said the increased awareness of the need for security in these technologies will drive improvement and we’re confident that we’ll be able to manage this in the future.

All things considered though, maybe it’s better if they don’t arrive as, without flying capabilities, many of us might conclude that our roads simply aren’t clear enough to hit the necessary 88 mph to travel back in time, so Marty and Doc would be trapped! But that’s another debate for another day!

Q4: Biometrics

Fictional 2015 is all over this one with the police able to identify anyone on the street from their fingerprint and even the press identifying individuals in a story for the newspaper, based seemingly on facial recognition performed by their drones.

Today’s Governments are fighting two battles with this – how to secure systems so they can’t be exploited by nefarious individuals (or even states), and how have they overcome the raging debate between security versus right to privacy.

As the citizens of Hill Valley seem to be content with the use of this kind of technology, perhaps Doc Brown could shed some light on how they managed it and whether everyone is as happy with this as they appear to be?

Q5: Access Control Systems

Leading on from biometrics in general terms, and into deployments of it – it would be good to unlock the secret (yes, pun intended this time) of replacing our physical locks with palm readers. I think we’re on the right line with some of the adoptions we’ve seen, such as smartphone developments, iris scanners, etc., but we’ve still got a long way to go to have confidence that this is a method of securing our houses.

In the Hilldale of the alternate future, clearly not the nicest neighbourhood around, the technology is ubiquitous and used to grant access to every house. How is that being managed and secured and is it also in use on secure facilities? Maybe this is an area of tech that we’re better at securing than they were, after all an unconscious, younger version of Jennifer was able to open her own front door.

Certainly something to ask Doc and Marty about and maybe something where we can share some of our successes with them.

Q6: Intruder Detection

Spotting unauthorised transactions in financial systems is also clearly working well in 2015 Hill Valley, so they must have mature detection capabilities in place. Mr Fujitsu is clearly able to spot these in real time and even connect directly with his employees to follow up on it in a pseudo investigation, also known as a Human Resources fail.

If the detection capabilities for spotting this are so mature does that also extend into other areas of IT? So the question to ask is whether Mr Fujitsu is able to track the APT activity in his business so effectively? We work with companies who have this capability today so maybe this is another area we’re living up to.

In summary

So whilst this article is written purely for your entertainment (unless you really do bump into Marty and his flying car – in which case we’re deadly serious), the capabilities of the authorities portrayed in the film clearly aren’t perfect. For one thing, they weren’t able to detect the temporal displacement associated with the DeLorean whizzing back and forth in time.

But maybe we should be congratulating Doc for his apparently flawless OpSec (well except for the Plutonium theft) by keeping his invention so secret and not allowing anyone to realise what he was doing. After all you don’t need to be able to detect something that doesn’t exist… or do you?

In reality though, the one thing that we really learn from Marty’s trip forward in time (and therefore this article), is that the pervasiveness and importance of cyber security simply wasn’t in the consciousness of filmmakers and the general public just under 30 years ago. One thing is for certain, predicting what it will look like in 30 years’ time will be tough.

Martyn Ruks, Technical Director of MWR InfoSecurity

The post If you see Marty McFly, can you tell him… appeared first on IT SECURITY GURU.